Recently, Keen Security Lab discovered another security vulnerabilities on Tesla cars and realized an attack to CAN-connected ECUs with latest firmware.
Already last year, Keen Security Lab attacked successfully a Tesla car and controlled remotely CAN-connected ECUs. The carmaker fixed the problem in cooperation with Keen Lab. Tesla implemented a security mechanism “code signing” to do signature integrity check of system firmware. Keen Lab bypassed the code signing. The reporting of security vulnerabilities and related exploitations to Tesla follows the “responsible disclosure” process. Security patches have been made and updated to motors via firmware-over-the-air (FOTA) efficiently in July, reported the Keen Security Lab blog. The mentioned issues affect multiple models of Tesla Motors. Based on Tesla’s report, most of the sold cars have been updated with firmware patches.